Horizontal Internet of Things Cyber ​​security standards are missing

The European Union (EU) is working to update its cybersecurity laws, and the existing European Union (EU) report Wednesday (September 8) called for horizontal regulation, emphasizing the lack of basic cybersecurity standards.

As the number of devices connected to the Internet (IoT) in people’s homes and in everyday life increases, the risk of cyber-attacks increases.

The latest attempt by hackers on Euroconsumers shows that the most common home appliances, such as WiFi routers, baby monitors and alarm systems, suffer from serious vulnerabilities, making them vulnerable to potential violations.

According to a report from Digital Europe, the current production law is short on cyber security.

“Because its scope and compatibility assessment methods are generally designed to address physical production functions, the current production law may not properly address the more prominent administrative or organizational aspects of more types of equipment,” he said.

Last December, as part of the EU’s new cyber security strategy, the European Commission proposed the first EU law to review the cyber security requirements set out in the Network and Information Security (NIS) Directive.

The new law, called NIS2, is intended to strengthen and expand existing control over the size and scope of cyber threats in response to a general increase in cyber threats, but also increased network and data dependence due to the epidemic. Services.

Clara Jordan, Chief Public Policy Officer of the Atlantic Council, is a “vortex club” that “undermines confidence in the digital ecosystem and prevents us from making full use of technology.” The Cyber ​​Peace Institute recently warned at a cyber security conference.

Agreed and horizontal steps

Experts who have studied Digital Europe report strongly warn that cyber security should not be completely or primarily focused on product-related behaviors such as passwords, but that organizational requirements must be taken into account to ensure adequate security.

The report is based on the fact that current EU product laws are based on tangible material, such as the electrical properties of a product or the materials from which it is made, which cannot be adequately applied to something as intangible as cyber security.

Another issue is the fact that a product is currently on the market without the need for constant lifelong monitoring to ensure that cyber security threats and vulnerabilities do not escalate.

In terms of the usual maximum volume Consulting the basic cyber security standards of digital and European consultants, they agreed that defining these requirements for connected devices is critical to ensuring their overall security.

Horizontal regulation in this area is a key way to ensure adequate coordination between law and standards, and to adapt standards between different products and in different areas, the report said. He warned that the current production law was not enough.

Bart Gruitis, NIS2 policy reporter, told EURACTIV that the type of horizontal rule demanded in the report was important, but did not agree with the current NIS2 proposal, which he raised with the commission. Opportunities.

Without such a horizontal law, the EU’s cyber security strategy would be incomplete, he said. The Commission should initiate ideas as soon as possible.

According to Digital Europe, if existing product laws are used to address cyber security, it should be repealed only after the basic requirements have been implemented.

Homes that can be stolen

A study by Euroconsumers shows how these risks can affect consumers in a very personal way.

As part of the “Hidden Home” project, two ethical hackers tested 16 widely available home appliances made by well-known and unknown manufacturers and found a total of 54 vulnerabilities. Of the 10 devices tested, at least one was found to be “overweight” or “critical”.

“The results are shocking,” said Ell Brugman, head of Euro Consumer Policy and Enforcement. “Manufacturers need to work harder. This is crucial to building a consumer trust that allows the entire ecosystem to flourish. It does not happen unless it is safe and secure. ”

The findings echo concerns raised by other groups and experts about the potential hazards in many modern devices on the market. In many cases, passwords confirm the weak point, especially when the default login details, which devices do not usually change, come from the factory.

Which UK-based consumer group study? Earlier this year, it discovered 2,435 malicious attempts in just one week to gain access to devices with weak default usernames and passwords in the “smart home”.

[Edited by Luca Bertuzzi/Zoran Radosavljevic]

Leave a Comment